Docker run with --sysctl accepts with --net=host and option values other than 0 and 1 · Issue #27484 · moby/moby · GitHub
Docker run with --sysctl accepts with --net=host and option values other than 0 and 1  #27484
Open
opencontainers/runc
#1149
@dattatrayakumbhar

Description
Docker run with the --sysctl option works with --net=host. The documentation says that it should not work with --net=host.
The net.ipv4.ip_forward value should be either 1 or 0. It accepts anything other than 1 and 0.
Document link:
https://docs.docker.com/engine/reference/commandline/run/#/full-container-capabilities---privileged

Steps to reproduce the issue:

  1. Create a container with --net=host and --sysctl
    docker run -it --sysctl net.ipv4.ip_forward=1 --net=host ubuntu
    which should not be allowed
  2. docker run -it --sysctl net.ipv4.ip_forward=a --net=host ubuntu
    Should give a proper error saying 'option value should be 0 or 1'

Describe the results you received:

  1. Create a container with --net=host and --sysctl
    docker run -it --sysctl net.ipv4.ip_forward=1 --net=host ubuntu
    :- Accepted --net=host with --sysctl
  2. docker run -it --sysctl net.ipv4.ip_forward=a --net=host ubuntu
    :- Failed with error "docker: Error response from daemon: oci runtime error: write /proc/sys/net/ipv4/ip_forward: invalid argument."

Describe the results you expected:

  1. Create a container with --net=host and --sysctl
    docker run -it --sysctl net.ipv4.ip_forward=1 --net=host ubuntu
    :- Should not accept --net=host with --sysctl
  2. docker run -it --sysctl net.ipv4.ip_forward=a --net=host ubuntu
    :- Should give a proper error saying 'option value should be 0 or 1'

Additional information you deem important (e.g. issue happens only occasionally):
Issue happens every time

Output of docker version:
[root@nfs-server infra_manager]# docker version
Client:
Version: 1.12.1
API version: 1.24
Go version: go1.6.3
Git commit: 23cf638
Built:
OS/Arch: linux/amd64

Server:
Version: 1.12.1
API version: 1.24
Go version: go1.6.3
Git commit: 23cf638
Built:
OS/Arch: linux/amd64

Output of docker info:
Containers: 6
Running: 0
Paused: 0
Stopped: 6
Images: 1
Server Version: 1.12.1
Storage Driver: devicemapper
Pool Name: docker-253:1-747269-pool
Pool Blocksize: 65.54 kB
Base Device Size: 10.74 GB
Backing Filesystem: xfs
Data file: /dev/loop0
Metadata file: /dev/loop1
Data Space Used: 209.2 MB
Data Space Total: 107.4 GB
Data Space Available: 1.883 GB
Metadata Space Used: 1.065 MB
Metadata Space Total: 2.147 GB
Metadata Space Available: 1.883 GB
Thin Pool Minimum Free Space: 10.74 GB
Udev Sync Supported: true
Deferred Removal Enabled: false
Deferred Deletion Enabled: false
Deferred Deleted Device Count: 0
Data loop file: /var/lib/docker/devicemapper/devicemapper/data
WARNING: Usage of loopback devices is strongly discouraged for production use. Use --storage-opt dm.thinpooldev to specify a custom block storage device.
Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
Library Version: 1.02.107-RHEL7 (2016-06-09)
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host null overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options: seccomp
Kernel Version: 3.10.0-327.36.1.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 7.797 GiB
Name: nfs-server.cisco.com
ID: YCHJ:GOSU:POEO:MGF3:C3QV:ZWIR:T5ZK:POHY:XBQS:CH7O:RLVB:75AZ
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Username: dattatrayakumbhar04
Registry: https://index.docker.io/v1/
Insecure Registries:
127.0.0.0/8

Additional environment details (AWS, VirtualBox, physical, etc.):
Instance is on AWS.
OS: ubuntu/centos
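
The two checks this report asks for, written as an added Go example that is not part of the original issue and is not moby or runc code. `ValidateSysctls` and `binarySysctls` are hypothetical names, and the 0/1 rule for net.ipv4.ip_forward is the report's stated expectation.

```go
package main

import (
	"fmt"
	"strings"
)

// binarySysctls lists keys whose value this sketch restricts to "0" or "1".
// The 0/1 rule for net.ipv4.ip_forward is the expectation stated in the report.
var binarySysctls = map[string]bool{"net.ipv4.ip_forward": true}

// ValidateSysctls is a hypothetical pre-flight check (not moby or runc code).
// netMode is the value passed to --net; sysctls are raw "key=value" strings.
// It returns one error message per rejected option, in input order.
func ValidateSysctls(netMode string, sysctls []string) []string {
	var problems []string
	for _, opt := range sysctls {
		key, val, ok := strings.Cut(opt, "=")
		key = strings.TrimSpace(key)
		if !ok || key == "" {
			problems = append(problems, fmt.Sprintf("%q: expected key=value", opt))
			continue
		}
		// With --net=host the container shares the host network namespace,
		// so a net.* write would land on the host's own settings.
		if netMode == "host" && strings.HasPrefix(key, "net.") {
			problems = append(problems, fmt.Sprintf("%s: not allowed with --net=host", key))
			continue
		}
		if binarySysctls[key] && val != "0" && val != "1" {
			problems = append(problems, fmt.Sprintf("%s: option value should be 0 or 1", key))
		}
	}
	return problems
}

func main() {
	// Constructed inputs based on the commands in the report.
	for _, c := range []struct{ net, opt string }{
		{"host", "net.ipv4.ip_forward=1"},
		{"bridge", "net.ipv4.ip_forward=a"},
		{"bridge", "net.ipv4.ip_forward=1"},
	} {
		fmt.Printf("--net=%s --sysctl %s -> %v\n", c.net, c.opt, ValidateSysctls(c.net, []string{c.opt}))
	}
}
```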
